An apparatus comprises a memory and at least one processor in communication with the memory. The at least one processor is to detect, during a discovery window, a neighboring client station that is to perform peer-to-peer Wi-Fi communication via a Neighbor Awareness Networking (NAN) protocol and establish, via a negotiation after the discovery window, a datapath with the neighboring client station, wherein the negotiation includes an exchange of NAN data path setup attributes in parallel with an exchange of encryption cipher attributes and the encryption cipher is based on a simultaneous authentication of equals (SAE) protocol. The SAE protocol can be used to generate key material to encrypt the datapath.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. An apparatus comprising: a memory; and at least one processor in communication with the memory, wherein the at least one processor is configured to: detect, during a discovery window, a neighboring client station that is to perform peer-to-peer Wi-Fi communication via a Neighbor Awareness Networking (NAN) protocol; and establish, via a negotiation after the discovery window, a datapath with the neighboring client station that is detected during the discovery window, wherein the negotiation includes an exchange of NAN data path setup attributes in parallel with an exchange of attributes for an encryption cipher, wherein the encryption cipher is based on a simultaneous authentication of equals (SAE) protocol, and wherein the SAE protocol is used to generate key material to encrypt the datapath.
This invention relates to wireless communication systems, specifically improving peer-to-peer Wi-Fi communication using the Neighbor Awareness Networking (NAN) protocol. The problem addressed is the inefficiency in establishing secure data paths between client stations during NAN operations, particularly the delays caused by sequential negotiation of encryption and data path setup attributes. The apparatus includes a memory and at least one processor configured to detect a neighboring client station during a NAN discovery window. After detection, the processor initiates a negotiation to establish a secure data path. Unlike conventional methods, this negotiation occurs in parallel, exchanging both NAN data path setup attributes and encryption cipher attributes simultaneously. The encryption cipher is based on the Simultaneous Authentication of Equals (SAE) protocol, which generates key material for encrypting the data path. By parallelizing these exchanges, the invention reduces latency and improves efficiency in peer-to-peer communication setup. The solution ensures secure and rapid establishment of data paths between client stations in NAN environments.
2. The apparatus as in claim 1, wherein the negotiation includes a NAN data path setup handshake, the NAN data path setup handshake including a data path request message, a data path response message, a data path confirm message and a data path security install message.
This invention relates to wireless communication systems, specifically to apparatuses and methods for establishing secure data paths in Neighbor Awareness Networking (NAN) environments. The problem addressed is the need for a standardized and secure process to negotiate and establish data paths between devices in a NAN, ensuring reliable and protected communication. The apparatus includes a transceiver and a processor configured to perform a NAN data path setup handshake. This handshake consists of four key messages: a data path request message, a data path response message, a data path confirm message, and a data path security install message. The data path request message initiates the negotiation, specifying the desired parameters for the data path. The data path response message acknowledges the request and may include additional parameters or conditions. The data path confirm message finalizes the agreement on the data path parameters. The data path security install message establishes security protocols, ensuring encrypted and authenticated communication between the devices. This structured handshake ensures that data paths are established efficiently and securely, addressing challenges in dynamic and decentralized NAN environments where devices may frequently join or leave the network. The invention improves reliability and security in wireless communication by standardizing the negotiation process.
3. The apparatus as in claim 1, wherein the negotiation includes an SAE handshake, the SAE handshake including at least one SAE commit message and at least one SAE confirm message.
This invention relates to secure authentication and key exchange in communication systems, specifically addressing the need for robust and efficient security protocols in networked devices. The apparatus includes a system for negotiating security parameters between two devices, where the negotiation process incorporates a simultaneous authentication of equals (SAE) handshake. The SAE handshake is a password-authenticated key exchange designed to establish a secure communication channel by exchanging at least one SAE commit message and at least one SAE confirm message. The commit message initiates the key exchange process, while the confirm message proves that each side derived the same key from the shared password, ensuring mutual authentication and secure session establishment. The apparatus may also include components for generating, transmitting, and validating these messages, as well as mechanisms for handling errors or interruptions during the handshake. This approach enhances security by preventing unauthorized access and ensuring that only devices holding the shared password can establish secure connections. The invention is particularly useful in wireless networks, IoT devices, and other systems where secure communication is critical.
4. The apparatus as in claim 1, wherein the at least one processor is to generate a password and cause a transmission or presentation of the password to the neighboring client station via an out-of-band channel.
This invention relates to secure communication systems, specifically addressing the challenge of establishing secure connections between devices in a network without relying solely on in-band communication channels, which can be vulnerable to interception or tampering. The apparatus includes at least one processor configured to generate a password and transmit or present it to a neighboring client station via an out-of-band channel. The out-of-band channel is a secondary communication path separate from the primary data transmission channel, such as a visual display, audio signal, or physical medium, reducing the risk of eavesdropping or man-in-the-middle attacks. The password serves as a shared secret or authentication key, enabling secure pairing or session establishment between the devices. The apparatus may also include a network interface for in-band communication and a user interface for out-of-band password presentation. The use of an out-of-band channel enhances security by ensuring that the initial authentication step is not exposed to the same vulnerabilities as the primary communication channel. This method is particularly useful in wireless networks, IoT devices, and other scenarios where secure device pairing is critical.
5. The apparatus as in claim 1, wherein the at least one processor is to receive a password from the neighboring client station via an out-of-band channel.
A system for secure communication between networked devices addresses the challenge of protecting sensitive data during authentication and key exchange. The system includes a processor that establishes a secure connection with a neighboring client station by exchanging cryptographic keys. To enhance security, the processor receives a password from the neighboring client station through an out-of-band channel, which is a communication path separate from the primary network. This out-of-band channel ensures that the password is transmitted independently of the main network, reducing the risk of interception or tampering. The system may also include a memory to store the received password and a network interface to facilitate communication with the neighboring client station. The processor verifies the password and, upon successful authentication, establishes a secure session for data exchange. This approach mitigates vulnerabilities associated with in-band authentication methods, such as man-in-the-middle attacks, by leveraging the out-of-band channel for credential transmission. The system is particularly useful in environments where network security is critical, such as enterprise networks, financial institutions, or government systems.
6. The apparatus as in claim 1, additionally comprising a NAN protocol enabled communications device coupled with the at least one processor, the NAN protocol enabled communications device including at least one antenna, at least one radio coupled to the at least one antenna, and at least one processor.
This invention relates to wireless communication systems, specifically enhancing devices with Neighbor Awareness Network (NAN) protocol capabilities for improved device-to-device (D2D) communication. The problem addressed is the lack of seamless, low-power, and efficient direct communication between nearby devices without relying on traditional infrastructure like cellular networks or Wi-Fi access points. The apparatus includes at least one processor and a NAN protocol-enabled communications device. The NAN device comprises at least one antenna, a radio coupled to the antenna, and a dedicated processor. The radio facilitates wireless communication using NAN protocols, enabling direct, peer-to-peer interactions between devices in close proximity. The dedicated processor handles NAN-specific tasks, such as synchronization, discovery, and data exchange, reducing the load on the main processor. This setup allows devices to form ad-hoc networks, share data, and synchronize operations without centralized control, improving efficiency and reducing power consumption. The invention is particularly useful in IoT applications, smart home systems, and public safety scenarios where infrastructure-free communication is critical.
7. The apparatus as in claim 6, wherein the NAN protocol enabled communications device is to perform at least one of Wi-Fi communication or Bluetooth communication.
A wireless communication apparatus is designed to facilitate data exchange in a Neighbor Awareness Networking (NAN) environment, addressing challenges in seamless connectivity and interoperability between devices using different wireless protocols. The apparatus includes a NAN protocol-enabled communication device configured to establish and manage NAN clusters, allowing devices to discover and communicate with each other efficiently. The device supports at least one of Wi-Fi or Bluetooth communication, enabling flexible connectivity options depending on the application requirements. The apparatus may also include a processor to execute instructions for managing NAN operations, such as synchronization, data routing, and security protocols. Additionally, the device may incorporate a memory to store configuration settings, device identifiers, and communication logs. The apparatus ensures reliable and low-latency data transmission within the NAN, enhancing performance in applications like smart home automation and industrial IoT. The inclusion of Wi-Fi or Bluetooth support allows the device to integrate with a wide range of existing wireless technologies, improving compatibility and scalability in diverse networking scenarios.
8. The apparatus as in claim 6, wherein the NAN protocol enabled communications device is to: generate a default password, wherein the default password is a binary password generated via a hash function, the default password used to generate key material to encrypt the datapath in absence of a password supplied by the at least one processor; and generate one or more SAE protocol attributes based on the binary password.
This invention relates to secure communication in wireless networks, specifically addressing the challenge of establishing encrypted data paths in the absence of host-supplied credentials. The apparatus includes a NAN protocol enabled communications device that autonomously generates a default password when the host processor supplies none. This default password is a binary value derived from a hash function, so it already has the fixed-length form the SAE attributes expect. The device uses this password to generate key material, which secures the data path through encryption. Additionally, the device produces one or more Simultaneous Authentication of Equals (SAE) protocol attributes based on the binary password, facilitating secure authentication and key exchange. The system thus still encrypts the datapath when no password is supplied, although a default password known to every such device offers only limited protection compared with a password exchanged out of band. The invention is particularly useful in scenarios where automated or device-to-device connections require secure initialization without manual intervention.
9. The apparatus as in claim 6, wherein the at least one processor is to: generate or receive a password, the password used to generate key material to encrypt the datapath; convert the password to a binary password via a hash function; and transmit the binary password to the NAN protocol enabled communications device.
This invention relates to secure communication in a Neighbor Awareness Network (NAN) environment, addressing the need for encrypted data transmission between devices. The apparatus includes at least one processor configured to manage secure communication by generating or receiving a password, which is then used to derive key material for encrypting the datapath. The password is converted into a binary format using a hash function, ensuring secure transformation before transmission. The binary password is then sent to a NAN protocol-enabled communications device, enabling secure data exchange. The system ensures that sensitive information is protected during transmission by leveraging cryptographic techniques to generate and transmit encrypted data securely. The apparatus may also include additional components such as a memory for storing encryption keys or a network interface for facilitating communication with other NAN devices. The invention focuses on enhancing security in NAN communications by implementing robust encryption methods, ensuring that data integrity and confidentiality are maintained.
10. The apparatus as in claim 9, wherein the NAN protocol enabled communications device is to generate one or more SAE protocol attributes based on the binary password received from the at least one processor.
This invention relates to wireless communication systems, specifically improving security in Neighbor Awareness Networking (NAN) environments. The problem addressed is the need for secure, standardized authentication between peer devices when the password is held by a host processor rather than by the NAN communications device itself. The apparatus includes a processor and a NAN protocol enabled communications device. The communications device receives a binary password from the processor and generates one or more simultaneous authentication of equals (SAE) protocol attributes based on this password. These attributes are used to authenticate the peers and establish secure communication between them. Because the processor hashes the password before handing it over, the communications device works only with the binary form and does not need to perform the conversion itself. The invention enhances security by leveraging a standardized protocol and automating the authentication process, reducing the risk of unauthorized access.
11. The apparatus as in claim 10, wherein the at least one processor is to store at least a first portion of the key material in the memory, the NAN protocol enabled communications device is to internally store at least a second portion of the key material, and the NAN protocol enabled communications device is to recover or re-setup the datapath with the neighboring client station via at least the first portion of the key material or the second portion of the key material.
This invention relates to wireless communication systems, specifically improving secure data transmission in Neighbor Awareness Network (NAN) environments. The problem addressed is maintaining secure communication links between devices when one or more components of the key material used for encryption are lost or corrupted, which can disrupt data transmission. The apparatus includes a processor and a NAN protocol-enabled communication device. The processor stores at least a portion of the key material in memory, while the NAN device internally stores another portion. If the datapath between the NAN device and a neighboring client station is disrupted, the system can recover or re-establish the connection using either the stored portion in memory or the portion stored internally by the NAN device. This redundancy ensures continuous secure communication even if one portion of the key material is compromised or unavailable. The solution enhances reliability in wireless networks by preventing communication failures due to key material loss, ensuring seamless data transmission in dynamic environments.
12. A non-transitory machine-readable medium storing instructions to cause one or more processors of an electronic device to perform one or more operations comprising: detecting, during a discovery window, a neighboring client station that is to perform peer-to-peer Wi-Fi communication via a Neighbor Awareness Networking (NAN) protocol; negotiating, after the discovery window, NAN protocol parameters for a datapath with the neighboring client station that is detected during the discovery window, wherein the negotiating includes exchanging NAN data path setup attributes in parallel with an exchange of attributes for an encryption cipher, wherein the encryption cipher is based on a simultaneous authentication of equals (SAE) protocol; generating key material to encrypt the datapath using the SAE protocol; and establishing the datapath with the neighboring client station.
This invention relates to wireless communication systems, specifically improving peer-to-peer Wi-Fi communication using the Neighbor Awareness Networking (NAN) protocol. The problem addressed is the inefficiency in establishing secure data paths between client stations during NAN operations, particularly in negotiating encryption parameters and datapath setup attributes. The solution involves a non-transitory machine-readable medium storing instructions for an electronic device to perform several operations. First, the device detects a neighboring client station during a NAN discovery window, identifying a potential peer for communication. After the discovery window, the device negotiates NAN protocol parameters for a data path with the detected station. This negotiation occurs in parallel, exchanging both NAN data path setup attributes and encryption cipher attributes. The encryption cipher is based on the Simultaneous Authentication of Equals (SAE) protocol, which provides secure key exchange. The device then generates key material using the SAE protocol to encrypt the data path and finally establishes the secure data path with the neighboring station. This approach optimizes the setup process by concurrently handling datapath and encryption negotiations, reducing latency and improving efficiency in peer-to-peer Wi-Fi communication.
13. The non-transitory machine-readable medium as in claim 12, wherein the negotiating includes performing a NAN data path setup handshake process and the NAN data path setup handshake process including a data path request message, a data path response message, a data path confirm message, and a data path security install message.
This invention relates to wireless communication systems, specifically improving data path negotiation in Neighbor Awareness Networking (NAN) environments. NAN is a Wi-Fi technology that enables devices to discover and communicate with each other without requiring a traditional Wi-Fi infrastructure. A key challenge in NAN is establishing reliable and secure data paths between devices, which often involves complex handshake procedures that can introduce latency and inefficiency. The invention addresses this by defining a structured NAN data path setup handshake process. This process includes four distinct message exchanges: a data path request message, a data path response message, a data path confirm message, and a data path security install message. The data path request message initiates the negotiation, allowing a device to request a data path with another device. The data path response message is sent in reply, indicating whether the request is accepted or rejected. If accepted, the data path confirm message finalizes the agreement, while the data path security install message ensures that the connection is secured before data transmission begins. This structured approach streamlines the negotiation process, reducing delays and improving reliability in NAN communications. The invention is implemented as a non-transitory machine-readable medium containing instructions to execute this handshake process, ensuring compatibility with existing NAN protocols while enhancing performance.
14. The non-transitory machine-readable medium as in claim 12, wherein the negotiating includes an SAE handshake, the SAE handshake including at least one SAE commit message and at least one SAE confirm message.
This invention relates to secure authentication and key exchange in communication systems, specifically focusing on the use of a Simultaneous Authentication of Equals (SAE) handshake protocol. The SAE handshake is a method for establishing a secure communication channel between two devices by exchanging cryptographic messages to authenticate the parties and derive shared cryptographic keys from a common password. The SAE handshake includes at least one SAE commit message, which is an initial message sent by one device to contribute its cryptographic parameters and initiate the authentication process. The handshake also includes at least one SAE confirm message, which is sent by each device to prove that it derived the same key, complete the authentication, and establish the secure session. The SAE handshake is designed to be efficient and resistant to various security threats, such as man-in-the-middle attacks, by ensuring that both devices can verify each other's identity and agree on shared cryptographic keys before communication begins. This method is particularly useful in wireless networks, such as Wi-Fi, where secure and efficient authentication is critical for protecting data integrity and privacy. The invention improves upon existing authentication protocols by providing a more streamlined and secure process for key exchange and authentication.
15. The non-transitory machine-readable medium as in claim 12, the operations additionally comprising generating a password and transmitting or presenting the password to the neighboring client station via an out-of-band channel.
A system and method for secure communication between client stations in a network environment addresses the challenge of establishing secure connections without relying solely on in-band communication channels, which can be vulnerable to interception or tampering. The invention involves a non-transitory machine-readable medium storing instructions that, when executed, perform operations to enhance security in network communications. These operations include generating a password and transmitting or presenting the password to a neighboring client station via an out-of-band channel. The out-of-band channel is a secondary communication path separate from the primary network channel, such as a Bluetooth connection, QR code, or near-field communication (NFC), ensuring that the password exchange is not exposed to potential eavesdropping or man-in-the-middle attacks. The password serves as a shared secret or authentication key, enabling the client stations to establish a secure connection over the primary network channel. This approach mitigates risks associated with insecure in-band communication, such as session hijacking or unauthorized access, by leveraging the out-of-band channel for initial key exchange. The system may also include additional security measures, such as encryption or multi-factor authentication, to further protect the communication. The invention is particularly useful in environments where secure communication is critical, such as enterprise networks, financial transactions, or IoT device interactions.
16. The non-transitory machine-readable medium as in claim 12, the operations additionally comprising receiving a password from the neighboring client station via an out-of-band channel.
A system and method for secure communication between client stations in a network environment addresses the challenge of authenticating neighboring devices without relying solely on in-band communication channels, which can be vulnerable to interception or spoofing. The invention involves a non-transitory machine-readable medium storing instructions that, when executed, perform operations to enhance security in device-to-device communication. These operations include establishing a secure connection between a client station and a neighboring client station, where the connection is authenticated using cryptographic techniques. Additionally, the system receives a password from the neighboring client station via an out-of-band channel, such as a secondary communication path or physical interface, to further verify the identity of the neighboring device. This out-of-band password exchange ensures that authentication is not solely dependent on the primary communication channel, reducing the risk of man-in-the-middle attacks or unauthorized access. The system may also generate and exchange cryptographic keys to secure subsequent communications, ensuring confidentiality and integrity of data transmitted between the devices. The invention is particularly useful in environments where secure device pairing is critical, such as in IoT networks, industrial control systems, or wireless mesh networks.
17. The non-transitory machine-readable medium as in claim 12, the operations additionally comprising: via a NAN protocol enabled communications device coupled with the one or more processors: generating a default password, wherein the default password is a binary password generated via a hash function, the default password used to generate key material to encrypt the datapath in absence of an out-of-band password supplied by the one or more processors; and generating one or more SAE protocol attributes based on the binary password.
This invention relates to secure communication protocols in wireless networks, specifically addressing the challenge of establishing secure connections in the absence of pre-shared or out-of-band authentication credentials. The system involves a non-transitory machine-readable medium storing instructions that, when executed by one or more processors, perform operations to enhance security in wireless communications. A NAN (Neighbor Awareness Networking) protocol-enabled device generates a default password, which is a binary password derived from a hash function. This default password serves as a fallback mechanism to generate key material for encrypting the datapath when an out-of-band password is not provided by the processors. Additionally, the system generates one or more SAE (Simultaneous Authentication of Equals) protocol attributes based on the binary password, ensuring secure authentication and key exchange in wireless networks. The invention improves security by providing a robust fallback mechanism for scenarios where traditional authentication methods are unavailable, ensuring encrypted communication even in the absence of pre-shared credentials. The use of hash functions and SAE attributes further strengthens the security framework, making it resilient against unauthorized access.
18. The non-transitory machine-readable medium as in claim 12, the operations additionally comprising: generating or receiving a password used to generate key material to encrypt the datapath; convert the password to a binary password via a hash function; and transmit the binary password to a NAN protocol enabled communications device coupled with the one or more processors.
A system and method for secure communication in a Neighbor Awareness Network (NAN) environment addresses the challenge of protecting data transmitted between devices using NAN protocols. The invention involves generating or receiving a password that is used to derive cryptographic key material for encrypting data transmitted over the communication datapath. The password is converted into a binary format using a hash function, ensuring a secure and standardized representation. The resulting binary password is then transmitted to a NAN-enabled communications device, which can use it to establish a secure communication channel. This process enhances security by ensuring that sensitive data is encrypted before transmission, mitigating risks of interception or unauthorized access. The system may also include additional operations such as establishing a secure connection between devices, authenticating the devices, and managing cryptographic keys to maintain secure communication. The invention is particularly useful in environments where devices need to communicate securely without relying on pre-shared keys or centralized authentication systems.
19. The non-transitory machine-readable medium as in claim 18, wherein the NAN protocol enabled communications device is to generate one or more SAE protocol attributes based on the binary password.
A system for secure communication in a Neighbor Awareness Networking (NAN) environment addresses challenges in authentication and key exchange between devices. The system includes a NAN protocol-enabled device that generates one or more simultaneous authentication of equals (SAE) protocol attributes based on a binary password. These attributes are used to establish secure communication links between devices in the NAN. The binary password is derived via a hash function from a password that the host processor generated or received, so only devices holding the same password can complete the exchange. The SAE protocol attributes facilitate secure authentication and encryption, preventing unauthorized access and ensuring data integrity. The system may also include a method for deriving the binary password from a user input or a pre-configured key, ensuring flexibility in deployment scenarios. The NAN protocol-enabled device may further include a processor and memory to execute the necessary operations for generating and processing the SAE protocol attributes. This approach enhances security in NAN communications by leveraging cryptographic techniques to authenticate devices and protect data exchanges.
20. The non-transitory machine-readable medium as in claim 19, the operations additionally comprising storing at least a first portion of the key material in a memory coupled with the one or more processors, wherein the NAN protocol enabled communications device is to internally store at least a second portion of the key material, and the NAN protocol enabled communications device is to recover or re-setup the datapath with the neighboring client station via at least the first portion of the key material or the second portion of the key material.
This invention relates to secure communication in Neighbor Awareness Networking (NAN) protocols, addressing the challenge of maintaining secure data paths between devices when connectivity is disrupted. The system involves a machine-readable medium storing instructions for a NAN-enabled device to manage cryptographic key material used to establish and recover secure data paths with neighboring client stations. The key material is split into at least two portions: one stored in a memory accessible to the device's processors, and another stored internally by the NAN-enabled device itself. This split storage ensures redundancy and resilience, allowing the device to recover or re-establish the data path using either portion of the key material if connectivity is lost or needs to be reset. The approach enhances reliability in dynamic wireless environments where devices frequently move in and out of range, ensuring continuous secure communication without requiring full re-authentication or key exchange. The solution is particularly useful in IoT and mesh networking scenarios where devices must maintain secure connections despite intermittent connectivity.
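As an added illustration, not code from the patent or its assignee, the following Python models the negotiation the claims describe: a text password, or a default when the host supplies none, is hashed into a binary password (claims 8, 9, 17 and 18), and the four NAN data path setup messages (request, response, confirm, security install; claims 2 and 13) carry the SAE commit and confirm attributes (claims 3 and 14) so that both handshakes complete within the same four frames, which is the latency saving the claims are about. The group arithmetic is a deliberately small multiplicative-group stand-in for the elliptic-curve Dragonfly exchange that real IEEE 802.11 SAE uses, the password-element derivation is a plain hash rather than the standard's, and the message field names, the service identifier and the default-password label are all assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy multiplicative group standing in for the elliptic-curve Dragonfly group that
# IEEE 802.11 SAE uses (assumption: illustrative only, not the standard's math).
P = (1 << 127) - 1   # Mersenne prime, small enough to keep the example readable
G = 3
VALUE_LEN = 32       # bytes used when serialising group values for hashing


def to_binary_password(password, service_id, default_label=b"NAN-SAE-DEFAULT"):
    """Claims 8/9/17/18: hash a text password into a 32-byte binary password, or
    derive a default binary password when the host supplied none.
    Assumption: the default is a hash over a fixed label and the service id."""
    if password is None:
        return hashlib.sha256(default_label + service_id).digest()
    return hashlib.sha256(service_id + password.encode("utf-8")).digest()


class SaePeer:
    """One side of a toy SAE exchange: Commit (scalar, element) -> Confirm -> PMK."""

    def __init__(self, binary_password):
        # Password element: a group element both peers derive from the binary password.
        self.pe = pow(G, int.from_bytes(binary_password, "big"), P)
        self.rand = secrets.randbelow(P - 2) + 1
        mask = secrets.randbelow(P - 2) + 1
        self.scalar = self.rand + mask                    # sent in the SAE Commit
        self.element = pow(pow(self.pe, mask, P), -1, P)  # PE^(-mask), sent in the SAE Commit
        self.peer_commit = None
        self.kck = None   # key confirmation key: authenticates the Confirm message
        self.pmk = None   # pairwise master key: key material for the datapath

    def commit(self):
        return {"scalar": self.scalar, "element": self.element}

    def receive_commit(self, peer_commit):
        self.peer_commit = peer_commit
        # (PE^peer_scalar * peer_element)^rand == PE^(rand * peer_rand) on both sides
        shared = pow(pow(self.pe, peer_commit["scalar"], P) * peer_commit["element"] % P, self.rand, P)
        keyseed = hashlib.sha256(shared.to_bytes(VALUE_LEN, "big")).digest()
        self.kck, self.pmk = keyseed[:16], keyseed[16:]

    @staticmethod
    def _transcript(first, second):
        return b"".join(v.to_bytes(VALUE_LEN, "big") for c in (first, second) for v in (c["scalar"], c["element"]))

    def confirm(self):
        return hmac.new(self.kck, self._transcript(self.commit(), self.peer_commit), hashlib.sha256).digest()

    def verify_confirm(self, peer_confirm):
        expected = hmac.new(self.kck, self._transcript(self.peer_commit, self.commit()), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, peer_confirm):
            raise ValueError("SAE confirm mismatch: peers do not hold the same password")


def negotiate_datapath(initiator_pw, responder_pw, service_id=b"example-service"):
    """Claims 1-3 / 12-14: the four NAN data path setup messages with the SAE
    commit/confirm attributes carried in parallel, so no extra round trips are spent.
    Returns the message transcript and the key material each side derived."""
    ini = SaePeer(to_binary_password(initiator_pw, service_id))
    rsp = SaePeer(to_binary_password(responder_pw, service_id))
    transcript = []

    def send(msg_type, ndp_attrs, sae_attr):
        frame = {"type": msg_type, "ndp": ndp_attrs, "sae": sae_attr}  # field names are assumptions
        transcript.append(frame)
        return frame

    m1 = send("NDP Request", {"ndp_id": 1, "cipher": "SAE"}, ini.commit())          # setup attrs + SAE Commit
    rsp.receive_commit(m1["sae"])
    m2 = send("NDP Response", {"ndp_id": 1, "status": "accept"}, rsp.commit())      # setup attrs + SAE Commit
    ini.receive_commit(m2["sae"])
    m3 = send("NDP Confirm", {"ndp_id": 1}, ini.confirm())                          # setup attrs + SAE Confirm
    rsp.verify_confirm(m3["sae"])                 # wrong password fails here, before any key is installed
    m4 = send("NDP Security Install", {"ndp_id": 1, "install": True}, rsp.confirm())
    ini.verify_confirm(m4["sae"])
    return transcript, ini.pmk, rsp.pmk


if __name__ == "__main__":
    frames, k_init, k_resp = negotiate_datapath("out-of-band-pw", "out-of-band-pw")
    for f in frames:
        print(f["type"], "carries SAE attribute of", len(f["sae"]) if isinstance(f["sae"], bytes) else "commit")
    print("datapath key material agrees:", k_init == k_resp)
```

The point to take from the model is where the check sits: the responder verifies the initiator's SAE confirm on receipt of the NDP Confirm, so a peer with a different password is rejected before the security install message, and the datapath key material is never installed for it. A second run of the same pair yields different key material because each side draws fresh random values, while a run with `None` on both sides exercises the default-password fallback of claims 8 and 17.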
September 27, 2019
April 5, 2022